WP Super Cache - Version 1.3.1

Version Description

Fixed XSS problem on the settings page. Upgrade recommended. Warning: if you use them, you will have to enable mfunc, mclude and dynamic-cached-content on the settings page in the next major release (1.4).


Release Info

Developer donncha
Version 1.3.1

Code changes from version 1.3 to 1.3.1

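--- a/Changelog.txt
+++ b/Changelog.txt
@@ -1,3 +1,22 @@
+ 2013-04-12 11:25 donncha
+
+ * readme.txt, wp-cache.php: Bump version to 1.3.1
+
+ 2013-04-12 11:13 donncha
+
+ * readme.txt: Updated changelog and documentation
+
+ 2013-04-12 10:42 donncha
+
+ * plugins/awaitingmoderation.php, plugins/badbehaviour.php,
+ plugins/domain-mapping.php, plugins/searchengine.php,
+ plugins/wptouch.php, wp-cache.php: Fixed XSS problems with
+ REQUEST_URI on the settings page.
+
+ 2013-04-11 11:18 donncha
+
+ * Changelog.txt: Updated changelog
+
  2013-04-11 11:14 donncha
 
  * readme.txt, wp-cache.php: Bump version tested to 3.5.1 and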
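--- a/plugins/awaitingmoderation.php
+++ b/plugins/awaitingmoderation.php
@@ -30,7 +30,7 @@ function wp_supercache_awaitingmoderation_admin() {
  ?>
  <fieldset id="<?php echo $id; ?>" class="options">
  <h4><?php _e( 'Awaiting Moderation', 'wp-super-cache' ); ?></h4>
- <form name="wp_manager" action="<?php echo $_SERVER[ "REQUEST_URI" ]; ?>" method="post">
+ <form name="wp_manager" action="" method="post">
  <label><input type="radio" name="cache_awaitingmoderation" value="1" <?php if( $cache_awaitingmoderation ) { echo 'checked="checked" '; } ?>/> <?php _e( 'Enabled', 'wp-super-cache' ); ?></label>
  <label><input type="radio" name="cache_awaitingmoderation" value="0" <?php if( !$cache_awaitingmoderation ) { echo 'checked="checked" '; } ?>/> <?php _e( 'Disabled', 'wp-super-cache' ); ?></label>
  <p><?php _e( 'Enables or disables plugin to Remove the text "Your comment is awaiting moderation." when someone leaves a moderated comment.', 'wp-super-cache' ); ?></p>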
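Review bot: The empty `action=""` on new line 33 stops `REQUEST_URI` being reflected, but an empty action attribute is not conforming HTML5 and nothing in the template records why the URL was dropped, so a later cleanup could reintroduce the echo. Either omit the attribute or emit a fixed admin URL through `esc_url()`, and add a short template comment such as `<?php /* action intentionally empty: never echo REQUEST_URI here */ ?>`. The same applies to the identical form lines in plugins/badbehaviour.php, plugins/domain-mapping.php, plugins/searchengine.php and plugins/wptouch.php. `$id` in the fieldset line above is still echoed raw; if it can ever be non-constant it should go through `esc_attr()`, which cannot be confirmed here because the function starts and ends outside the hunk.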
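--- a/plugins/badbehaviour.php
+++ b/plugins/badbehaviour.php
@@ -61,7 +61,7 @@ function wp_supercache_badbehaviour_admin() {
  ?>
  <fieldset id="<?php echo $id; ?>" class="options">
  <h4><?php _e( 'Bad Behavior', 'wp-super-cache' ); ?></h4>
- <form name="wp_manager" action="<?php echo $_SERVER[ "REQUEST_URI" ]; ?>" method="post">
+ <form name="wp_manager" action="" method="post">
  <label><input type="radio" name="cache_badbehaviour" value="1" <?php if( $cache_badbehaviour ) { echo 'checked="checked" '; } ?>/> <?php _e( 'Enabled', 'wp-super-cache' ); ?></label>
  <label><input type="radio" name="cache_badbehaviour" value="0" <?php if( !$cache_badbehaviour ) { echo 'checked="checked" '; } ?>/> <?php _e( 'Disabled', 'wp-super-cache' ); ?></label>
  <p><?php _e( '', 'wp-super-cache' ); ?></p><?php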
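--- a/plugins/domain-mapping.php
+++ b/plugins/domain-mapping.php
@@ -71,7 +71,7 @@ function wp_supercache_domain_mapping_admin() {
  ?>
  <fieldset id="<?php echo $id; ?>" class="options">
  <h4><?php _e( 'Domain Mapping', 'wp-super-cache' ); ?></h4>
- <form name="wp_manager" action="<?php echo $_SERVER[ "REQUEST_URI" ]; ?>" method="post">
+ <form name="wp_manager" action="" method="post">
  <label><input type="radio" name="cache_domain_mapping" value="1" <?php if( $cache_domain_mapping ) { echo 'checked="checked" '; } ?>/> <?php _e( 'Enabled', 'wp-super-cache' ); ?></label>
  <label><input type="radio" name="cache_domain_mapping" value="0" <?php if( !$cache_domain_mapping ) { echo 'checked="checked" '; } ?>/> <?php _e( 'Disabled', 'wp-super-cache' ); ?></label>
  <p><?php _e( '', 'wp-super-cache' ); ?></p><?php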
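--- a/plugins/searchengine.php
+++ b/plugins/searchengine.php
@@ -65,7 +65,7 @@ function wp_supercache_searchengine_admin() {
  ?>
  <fieldset id="<?php echo $id; ?>" class="options">
  <h4><?php _e( 'No Adverts for Friends', 'wp-super-cache' ); ?></h4>
- <form name="wp_manager" action="<?php echo $_SERVER[ "REQUEST_URI" ]; ?>" method="post">
+ <form name="wp_manager" action="" method="post">
  <label><input type="radio" name="cache_no_adverts_for_friends" value="1" <?php if( $cache_no_adverts_for_friends == 'yes' ) { echo 'checked="checked" '; } ?>/> <?php _e( 'Enabled', 'wp-super-cache' ); ?></label>
  <label><input type="radio" name="cache_no_adverts_for_friends" value="0" <?php if( $cache_no_adverts_for_friends == 'no' ) { echo 'checked="checked" '; } ?>/> <?php _e( 'Disabled', 'wp-super-cache' ); ?></label>
  <p><?php _e( '', 'wp-super-cache' ); ?></p><?php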
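--- a/plugins/wptouch.php
+++ b/plugins/wptouch.php
@@ -18,7 +18,7 @@ function wp_super_cache_wptouch_admin() {
  ?>
  <fieldset id="<?php echo $id; ?>" class="options">
  <h4><?php _e( 'WPTouch', 'wp-super-cache' ); ?></h4>
- <form name="wp_manager" action="<?php echo $_SERVER[ "REQUEST_URI" ]; ?>" method="post">
+ <form name="wp_manager" action="" method="post">
  <label><input type="radio" name="cache_wptouch" value="1" <?php if( $cache_wptouch ) { echo 'checked="checked" '; } ?>/> <?php _e( 'Enabled', 'wp-super-cache' ); ?></label>
  <label><input type="radio" name="cache_wptouch" value="0" <?php if( !$cache_wptouch ) { echo 'checked="checked" '; } ?>/> <?php _e( 'Disabled', 'wp-super-cache' ); ?></label>
  <p><?php _e( '', 'wp-super-cache' ); ?></p><?php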
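--- a/readme.txt
+++ b/readme.txt
@@ -2,7 +2,7 @@
  Contributors: donncha, automattic
  Tags: performance,caching,wp-cache,wp-super-cache,cache
  Tested up to: 3.5.1
- Stable tag: 1.3
+ Stable tag: 1.3.1
  Requires at least: 3.0
 
  A very fast caching engine for WordPress that produces static html files.
@@ -56,11 +56,16 @@ The cache directory, usually wp-content/cache/ is only for temporary files. Do n
 
  == Upgrade Notice ==
 
- = 1.3 =
- Fixed mfunc exploit due to user input, add support for LOGGED_IN_COOKIE
+ = 1.3.1 =
+ Fixed XSS problem on the settings page. Upgrade recommended.
+ Warning: if you use them, you will have to enable mfunc, mclude and dynamic-cached-content on the settings page in the next major release (1.4).
 
  == Changelog ==
 
+ = 1.3.1 =
+ * Minor updates to documentation
+ * Fixed XSS in settings page.
+
  = 1.3 =
  * mfunc tags could be executed in comments. Fixed.
  * More support for sites that use the LOGGED_IN_COOKIE constant and custom cookies.
@@ -366,6 +371,8 @@ No, it will do the opposite. Super Cache files are compressed and stored that wa
 
  = How do I make certain parts of the page stay dynamic? =
 
+ Note: from version 1.4 this functionality will be disabled by default. You will have to enable it on the settings page.
+
  There are 2 ways of doing this. You can use Javascript to draw the part of the page you want to keep dynamic. That's what Google Adsense and many widgets from external sites do. Or you can use a WP Super Cache tag to do the job but you can't use mod_rewrite mode caching. You have to switch to PHP or legacy caching.
 
  There are a few ways to do this, you can have functions that stay dynamic or you can include other files on every page load. To execute PHP code on every page load you can use either the "dynamic-cached-content", "mfunc", or "mclude" tags. The "dynamic-cached-content" tag is easier to use but the other tags can still be used. Make sure you duplicate the PHP code when using these tags. The first code is executed when the page is cached, while the second chunk of code is executed when the cached page is served to the next visitor.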
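--- a/wp-cache.php
+++ b/wp-cache.php
@@ -3,13 +3,13 @@
  Plugin Name: WP Super Cache
  Plugin URI: http://ocaoimh.ie/wp-super-cache/
  Description: Very fast caching plugin for WordPress.
- Version: 1.3
+ Version: 1.3.1
  Author: Donncha O Caoimh
  Author URI: http://ocaoimh.ie/
  */
 
  /* Copyright 2005-2006 Ricardo Galli Granada (email : gallir@uib.es)
- Copyright 2007-2012 Donncha O Caoimh (http://ocaoimh.ie/) and many others.
+ Copyright 2007-2013 Donncha Ó Caoimh (http://ocaoimh.ie/) and many others.
 
  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@@ -3132,7 +3132,7 @@ function supercache_admin_bar_render() {
  'id' => 'delete-cache',
  'title' => __( 'Delete Cache', 'wp-super-cache' ),
  'meta' => array( 'title' => __( 'Delete cache of the current page', 'wp-super-cache' ) ),
- 'href' => wp_nonce_url( admin_url( 'index.php?action=delcachepage&path=' . urlencode( $_SERVER[ 'REQUEST_URI' ] ) ), 'delete-cache' )
+ 'href' => wp_nonce_url( admin_url( 'index.php?action=delcachepage&path=' . urlencode( preg_replace( '/[ <>\'\"\r\n\t\(\)]/', '', $_SERVER[ 'REQUEST_URI' ] ) ) ), 'delete-cache' )
  ) );
  }
  add_action( 'wp_before_admin_bar_render', 'supercache_admin_bar_render' );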
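Review bot: The character blacklist added on line 3135 strips space, `<`, `>`, quotes, CR/LF, tab and parentheses from `REQUEST_URI` before `urlencode()`, which already percent-encodes every one of those characters, so the filter changes the `path` value without making the link itself any safer. If the aim is to protect the code that later reads `path`, that handler (not visible in this hunk) is where the value should be validated and escaped on output, because the parameter arrives from the request and a deny-list applied when the link is built does not constrain it. Removing characters can also make `path` differ from the URL that was actually cached, so the delete may miss the page; presumably rare, but worth recording. At minimum the intent should be documented next to the array entry, e.g. `// markup characters stripped from REQUEST_URI; the delcachepage handler must still validate 'path'`. supercache_admin_bar_render() begins outside the hunk.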